4.1 Example Involving System Audit Subcategory Settings

In the following example, an administrator specifies the following audit settings for the computers to which a given GPO applies:

  • Exclude audit attempts for IPsec Driver.

  • Audit successful attempts for System Integrity.

  • Audit successful and failed attempts for IPsec Extended Mode.

  • Leave the File System policy unchanged.

     Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
     TEST-MACHINE,System,IPsec Driver,{0CCE9213-69AE-11D9-BED3-505054503030},No Auditing,,0
     TEST-MACHINE,System,System Integrity,{0CCE9212-69AE-11D9-BED3-505054503030},Success,,1
     TEST-MACHINE,System,IPsec Extended Mode,{0CCE921A-69AE-11D9-BED3-505054503030},Success and Failure,,3
     TEST-MACHINE,System,File System,{0CCE921D-69AE-11D9-BED3-505054503030},Not specified,,0
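
As an added example (not part of the original specification), the following Python code parses the rows above and reports, per subcategory, whether the policy disables, enables, or leaves auditing unchanged, and whether Setting Value agrees with the Inclusion Setting text. The function names and the "Failure" to 2 mapping are assumptions; the other mappings are taken from the rows shown.

```python
import csv
import io

# Rows copied verbatim from the example above.
SAMPLE = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
TEST-MACHINE,System,IPsec Driver,{0CCE9213-69AE-11D9-BED3-505054503030},No Auditing,,0
TEST-MACHINE,System,System Integrity,{0CCE9212-69AE-11D9-BED3-505054503030},Success,,1
TEST-MACHINE,System,IPsec Extended Mode,{0CCE921A-69AE-11D9-BED3-505054503030},Success and Failure,,3
TEST-MACHINE,System,File System,{0CCE921D-69AE-11D9-BED3-505054503030},Not specified,,0
"""

# Inclusion Setting text -> Setting Value. "Failure" -> 2 is an assumption
# (not shown in the rows above); the other pairs are taken from those rows.
EXPECTED = {
    "No Auditing": 0,
    "Success": 1,
    "Failure": 2,
    "Success and Failure": 3,
    "Not specified": 0,
}
EFFECT = {"No Auditing": "disabled", "Not specified": "unchanged"}


def review_audit_csv(text):
    """Return one finding per row of an audit settings CSV."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        inclusion = row["Inclusion Setting"].strip()
        raw = row["Setting Value"].strip()
        value = int(raw) if raw.isdigit() else None
        known = inclusion in EXPECTED
        findings.append({
            "subcategory": row["Subcategory"],
            "guid": row["Subcategory GUID"].strip("{}").upper(),
            # "Not specified" and "No Auditing" both carry 0 in the rows above,
            # so the effect is decided from the text, not the number.
            "effect": EFFECT.get(inclusion, "enabled") if known else "unknown",
            "success": known and "Success" in inclusion,
            "failure": known and "Failure" in inclusion,
            "consistent": known and EXPECTED[inclusion] == value,
        })
    return findings


def disabled_subcategories(text):
    """Subcategories the policy explicitly turns off, for reviewer attention."""
    return [f["subcategory"] for f in review_audit_csv(text) if f["effect"] == "disabled"]
```

A row whose text and number disagree (for example "Success" paired with 3) comes back with `consistent` set to `False`, which is a useful signal when reviewing a GPO's audit settings for unexpected edits.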